Carphone Warehouse hack: 2.4 million customers affected

Personal data of 2.4 million Carphone Warehouse customers may have been compromised by hackers. The retailer also warned customers that encrypted credit card details of 90,000 people may have been stolen.

Carphone Warehouse discovered a "sophisticated attack" on its systems on 5 August but didn't tell customers about the breach until 8 August. The company said it had been working "intensively" to establish the severity of the attack.

Advertisement

It said that the names, addresses, dates of birth and bank details of up to 2.4 million customers could have been accessed in the breach. Affected customers were being contacted by email. Encrypted credit card data of 90,000 customers "may also have been accessed", the company said.

At a glance: what you need to know

Any customers affected by the breach will be contacted by Carphone Warehouse. If you don't hear anything, you don't need to worry

Tell your bank or credit card company so they can monitor any unusual activity on your account

Change the password on your Carphone Warehouse account and any other related accounts

Don't give out personal information such as bank details or passwords to cold callers and be wary of suspicious emails

Use an online credit rating firm (such as Experian) to check if anyone has applied for credit in your name

The hack also hit users of TalkMobile TalkTalk Mobile and the iD mobile phone network. Other sites affected by the attack include OneStopPhoneShop.co.uk, e2save.com and Mobiles.co.uk.

Parent company Dixons Carphone said customer data held by Currys, PCWorld and Dixons Travel was not affected.

Advertisement

The retailer said there was no evidence that customer information had been sold or misused. The Information Commissioner's Office, which investigates data breaches in the UK, said it was aware of the incident and was "making enquiries".

In a statement Carphone Warehouse urged customers to check their online accounts and bank statement for any suspicious activity.

Customers should also notify their bank or credit card company, be wary of suspicious calls or emails and check their online credit rating to make sure nobody has fraudulently applied for a credit card in their name.